OK, so what happens when someone else uses my address, perhaps using my passport, captured from some mail sent by me to someone?
I think the term of art is "being Joe Jobbed". Every now and then, I get a bounced report that claims something I sent is being returned, but it was not sent by me. This "something" is most often spam sent to someone else. Sometimes it contains a virus. Apparently this is a trick to get me to open it.

Anyway, I think your Passport Scheme needs some more work.

Cheers...\Stef

At 11:50 +0100 6/6/03, Graham Klyne wrote:
>At 12:12 05/06/03 -0700, Hallam-Baker, Phillip wrote:
>>A spam sender could attempt to use disposable certificates in the same way
>>that IP addresses and dialup accounts are considered disposable. This is
>>unlikely to work for long; the spam sender can set up lots of shell
>>companies at the same address but if the CA keeps authenticating to the same
>>address or phone number the pattern will soon become apparent.
>
>Hmmm... is there an economic play here?
>
><background>
>First, briefly, my view of the spam situation. I don't think it's fundamentally an
>Internet protocol design issue (though some design tweaks may help). Essentially, I
>think people currently have the choice of
>(1) putting filters in place and accepting the loss of some non-spam mail, or
>(2) accepting a deluge of spam, and not losing any mail. In practice, I think this
>option doesn't exist, because I find that (lacking spam filters) I do lose a few
>pieces of non-spam mail because I don't recognize the sender or subject. So I see a
>way forward to be a "passport" mechanism to reliably bypass automated spam filters, a
>kind of whitelist++.
></background>
>
>So back to my question: is there an economic play here?
>
>(I was offered the opinion once that a big *disadvantage* of email compared with fax
>for business transactions was that it has almost zero incremental cost of use.)
>
>I'm thinking of a cert issued for a small sum of money, without any authentication
>other than the purchaser promises something like "I promise not to spam with this
>certificate". At the earliest evidence of it being used for spamming, it is revoked.
>The price should be small enough to be accessible to any reasonable person, but high
>enough that the bill for daily or hourly renewal would become significant.
>
>Maybe crazy, just thinking aloud...
>
>#g
>
>
>-------------------
>Graham Klyne
><[EMAIL PROTECTED]>
>PGP: 0FAA 69FF C083 000B A2E9 A131 01B9 1C7A DBCA CB5E
